201 lines
7.9 KiB
Diff
201 lines
7.9 KiB
Diff
From 9c23ccb58d4f31bf666010cf0c35116b96b2a3d9 Mon Sep 17 00:00:00 2001
|
|
From: beta <beta@yfqm.date>
|
|
Date: Fri, 1 Dec 2023 23:34:25 +0800
|
|
Subject: [PATCH] Add openEuler PAM config
|
|
|
|
Signed-off-by: beta <beta@yfqm.date>
|
|
---
|
|
data/meson.build | 8 ++++++++
|
|
data/pam-openeuler/gdm-autologin.pam | 15 ++++++++++++++
|
|
data/pam-openeuler/gdm-fingerprint.pam | 15 ++++++++++++++
|
|
data/pam-openeuler/gdm-launch-environment.pam | 9 +++++++++
|
|
data/pam-openeuler/gdm-password.pam | 19 ++++++++++++++++++
|
|
data/pam-openeuler/gdm-pin.pam | 20 +++++++++++++++++++
|
|
data/pam-openeuler/gdm-smartcard.pam | 15 ++++++++++++++
|
|
meson.build | 1 +
|
|
meson_options.txt | 2 +-
|
|
9 files changed, 103 insertions(+), 1 deletion(-)
|
|
create mode 100644 data/pam-openeuler/gdm-autologin.pam
|
|
create mode 100644 data/pam-openeuler/gdm-fingerprint.pam
|
|
create mode 100644 data/pam-openeuler/gdm-launch-environment.pam
|
|
create mode 100644 data/pam-openeuler/gdm-password.pam
|
|
create mode 100644 data/pam-openeuler/gdm-pin.pam
|
|
create mode 100644 data/pam-openeuler/gdm-smartcard.pam
|
|
|
|
diff --git a/data/meson.build b/data/meson.build
|
|
index 05a2011..bb79abe 100644
|
|
--- a/data/meson.build
|
|
+++ b/data/meson.build
|
|
@@ -137,6 +137,14 @@ pam_data_files_map = {
|
|
'gdm-password',
|
|
'gdm-pin',
|
|
],
|
|
+ 'openeuler': [
|
|
+ 'gdm-autologin',
|
|
+ 'gdm-launch-environment',
|
|
+ 'gdm-fingerprint',
|
|
+ 'gdm-smartcard',
|
|
+ 'gdm-password',
|
|
+ 'gdm-pin',
|
|
+ ],
|
|
'none': [],
|
|
# We should no longer have 'autodetect' at this point
|
|
}
|
|
diff --git a/data/pam-openeuler/gdm-autologin.pam b/data/pam-openeuler/gdm-autologin.pam
|
|
new file mode 100644
|
|
index 0000000..97a4a13
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-autologin.pam
|
|
@@ -0,0 +1,15 @@
|
|
+#%PAM-1.0
|
|
+auth [success=ok default=1] pam_gdm.so
|
|
+-auth optional pam_gnome_keyring.so
|
|
+auth sufficient pam_permit.so
|
|
+account required pam_nologin.so
|
|
+account include system-auth
|
|
+password include system-auth
|
|
+session required pam_selinux.so close
|
|
+session required pam_loginuid.so
|
|
+session required pam_selinux.so open
|
|
+session optional pam_keyinit.so force revoke
|
|
+session required pam_namespace.so
|
|
+session include system-auth
|
|
+session optional pam_gnome_keyring.so auto_start
|
|
+session include postlogin
|
|
diff --git a/data/pam-openeuler/gdm-fingerprint.pam b/data/pam-openeuler/gdm-fingerprint.pam
|
|
new file mode 100644
|
|
index 0000000..628568e
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-fingerprint.pam
|
|
@@ -0,0 +1,15 @@
|
|
+auth substack fingerprint-auth
|
|
+auth include postlogin
|
|
+
|
|
+account required pam_nologin.so
|
|
+account include fingerprint-auth
|
|
+
|
|
+password include fingerprint-auth
|
|
+
|
|
+session required pam_selinux.so close
|
|
+session required pam_loginuid.so
|
|
+session required pam_selinux.so open
|
|
+session optional pam_keyinit.so force revoke
|
|
+session required pam_namespace.so
|
|
+session include fingerprint-auth
|
|
+session include postlogin
|
|
diff --git a/data/pam-openeuler/gdm-launch-environment.pam b/data/pam-openeuler/gdm-launch-environment.pam
|
|
new file mode 100644
|
|
index 0000000..2e9ea2b
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-launch-environment.pam
|
|
@@ -0,0 +1,9 @@
|
|
+#%PAM-1.0
|
|
+auth required pam_env.so
|
|
+auth required pam_permit.so
|
|
+auth include postlogin
|
|
+account required pam_permit.so
|
|
+password required pam_permit.so
|
|
+session optional pam_keyinit.so force revoke
|
|
+session include system-auth
|
|
+session include postlogin
|
|
diff --git a/data/pam-openeuler/gdm-password.pam b/data/pam-openeuler/gdm-password.pam
|
|
new file mode 100644
|
|
index 0000000..c75da00
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-password.pam
|
|
@@ -0,0 +1,19 @@
|
|
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
|
|
+auth substack password-auth
|
|
+auth optional pam_gnome_keyring.so
|
|
+auth include postlogin
|
|
+
|
|
+account required pam_nologin.so
|
|
+account include password-auth
|
|
+
|
|
+password substack password-auth
|
|
+-password optional pam_gnome_keyring.so use_authtok
|
|
+
|
|
+session required pam_selinux.so close
|
|
+session required pam_loginuid.so
|
|
+session required pam_selinux.so open
|
|
+session optional pam_keyinit.so force revoke
|
|
+session required pam_namespace.so
|
|
+session include password-auth
|
|
+session optional pam_gnome_keyring.so auto_start
|
|
+session include postlogin
|
|
diff --git a/data/pam-openeuler/gdm-pin.pam b/data/pam-openeuler/gdm-pin.pam
|
|
new file mode 100644
|
|
index 0000000..66277d3
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-pin.pam
|
|
@@ -0,0 +1,20 @@
|
|
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
|
|
+auth requisite pam_pin.so
|
|
+auth substack password-auth
|
|
+auth optional pam_gnome_keyring.so
|
|
+auth include postlogin
|
|
+
|
|
+account required pam_nologin.so
|
|
+account include password-auth
|
|
+
|
|
+password include password-auth
|
|
+password optional pam_pin.so
|
|
+
|
|
+session required pam_selinux.so close
|
|
+session required pam_loginuid.so
|
|
+session required pam_selinux.so open
|
|
+session optional pam_keyinit.so force revoke
|
|
+session required pam_namespace.so
|
|
+session include password-auth
|
|
+session optional pam_gnome_keyring.so auto_start
|
|
+session include postlogin
|
|
diff --git a/data/pam-openeuler/gdm-smartcard.pam b/data/pam-openeuler/gdm-smartcard.pam
|
|
new file mode 100644
|
|
index 0000000..3264a71
|
|
--- /dev/null
|
|
+++ b/data/pam-openeuler/gdm-smartcard.pam
|
|
@@ -0,0 +1,15 @@
|
|
+auth substack smartcard-auth
|
|
+auth include postlogin
|
|
+
|
|
+account required pam_nologin.so
|
|
+account include smartcard-auth
|
|
+
|
|
+password include smartcard-auth
|
|
+
|
|
+session required pam_selinux.so close
|
|
+session required pam_loginuid.so
|
|
+session required pam_selinux.so open
|
|
+session optional pam_keyinit.so force revoke
|
|
+session required pam_namespace.so
|
|
+session include smartcard-auth
|
|
+session include postlogin
|
|
diff --git a/meson.build b/meson.build
|
|
index 4ace94b..49618e1 100644
|
|
--- a/meson.build
|
|
+++ b/meson.build
|
|
@@ -172,6 +172,7 @@ if default_pam_config == 'autodetect'
|
|
'/etc/exherbo-release': 'exherbo',
|
|
'/etc/arch-release': 'arch',
|
|
'/etc/lfs-release': 'lfs',
|
|
+ '/etc/openEuler-release': 'openeuler',
|
|
}
|
|
|
|
foreach _file, _pam_conf : pam_autodetect_map
|
|
diff --git a/meson_options.txt b/meson_options.txt
|
|
index 49550bc..3c07d16 100644
|
|
--- a/meson_options.txt
|
|
+++ b/meson_options.txt
|
|
@@ -2,7 +2,7 @@ option('at-spi-registryd-dir', type: 'string', value: '', description: 'Specify
|
|
option('check-accelerated-dir', type: 'string', value: '', description: 'Specify the directory of gnome-session-check-accelerated.')
|
|
option('custom-conf', type: 'string', value: '', description: 'Filename to give to custom configuration file.')
|
|
option('dbus-sys', type: 'string', value: '', description: 'Where D-Bus systemd directory is.')
|
|
-option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'none'], value: 'autodetect', description: '')
|
|
+option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'openeuler', 'none'], value: 'autodetect', description: '')
|
|
option('default-path', type: 'string', value: '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', description: 'Path GDM will use as the user\'s default PATH.')
|
|
option('defaults-conf', type: 'string', value: '', description: 'Filename to give to defaults file.')
|
|
option('dmconfdir', type: 'string', value: '', description: 'Directory where sessions are stored.')
|
|
--
|
|
2.27.0
|
|
|